Drawing sheets (figure images not reproduced; figure numbers and box labels as extracted)

Sheet 1/7

Sheet 2/7 (FIG. 6)
Labels: Control Network 1; Control Network 2; Control Network N; Network I/F; Appliance Operating System; H/W Cypher Processor I/F; Application Program Instance(s); OS Service Instance(s); Kernel Space; User Space; NIC Driver; NIC; Operating System; Native Cypher Driver; PEM; H/W Cypher Driver; CPU; Encryption & Compression Co-Processor; Main Memory

Sheet 3/7 (FIG. 4, FIG. 5)
Labels: Signature; Request Receipt; Determine Req. Class Type; Default Load Ref. Select; Determine Op & Qual. Data; Lookup Up Policy(s); Response Return; Implement Policy
Branch labels: Yes; No; Other; Denied; Enabled

Sheet 4/7 (FIG. 7, FIG. 8)
Labels: OS Interface; OS I/F; Network PEM; Cypher; Operating System Kernel; VFS Switch; F/S PEM; File System(s); Network Stack; Remote Storage; Local Storage; Network I/F; Security Network; Network Resources; Cypher Process Communications Data; Receive Comm. Data; Queue for Native Processing; Queue Full; Queue for H/W Accel. Processing
Branch labels: No

Sheet 6/7 (FIG. 10, FIG. 11, FIG. 15)
Labels: Open Application Instance; Receive Run Appl. Request; Terminate; Security Appliance; Execute Application; Close Tunnel; Open Tunnel; Intercept Network Request; Determine Target; Inactivity Timeout; Close Tunnel/Process Request; Negotiate Session Key; Close Tunnel & Release Resources; Initialize Tunnel

Sheet 7/7 (FIG. 12)
Labels: Transfer Request/Data; Receive Network Request; Associate Request with Tunnel; Determine Request Function; Compress Data (Optional); Security Appliance; Encrypt Data; Transmit Data; Receive Data; Determine Target Process; Ignore; Decrypt Data; Decompress Data as Needed; Pass Request to Process
Branch labels: Yes